Date: Tue, 19 Feb 2019 13:16:24 +0000 From: Alexey Dokuchaev <danfe@freebsd.org> To: Tobias Kortkamp <tobik@freebsd.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r493354 - in head/sysutils: . py-bitrot Message-ID: <20190219131624.GA7020@FreeBSD.org> In-Reply-To: <20190219124807.GA82443@urd.tobik.me> References: <201902190818.x1J8I8WT095199@repo.freebsd.org> <20190219082916.GA16223@FreeBSD.org> <45f02a0a-be04-4d62-a4ff-96d800e8687c@www.fastmail.com> <20190219101610.GA71171@FreeBSD.org> <20190219103209.GA45811@urd.tobik.me> <20190219115338.GA46857@FreeBSD.org> <20190219124807.GA82443@urd.tobik.me>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 19, 2019 at 01:48:11PM +0100, Tobias Kortkamp wrote:
> ...
> If I missed something and if you have any evidence that this port
> is malicious I'd like to hear about it, so that we can do the
> appropriate thing like removing it again.
I didn't say anything about *this* port being malicious; my point
was two-fold:
1) by adding port to the collection, we as committers should try
to provide a well-cooked product: buildable, working, and also
properly documented. Sometimes it is easy when upstream offers
good substrate so all we have to do is package those bits, but
sometimes it is not. Lack of proper documentation, including
port description, while not as bad as unbuildable or unrunnable
package, is still pretty bad;
2) having "I can't bother beyond handling a simple add request"
attitude in general is bad because malicious port or changes
*could* be inserted, and thus we should not get into habit of
cutting corners and committing whatever was put up on Bugzilla
without sufficient review.
./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190219131624.GA7020>